Full Disclosure - Controversy

Controversy

Full disclosure can be controversial because these disclosures often include code or executable tools to exploit the vulnerability. The argument against disclosure is that providing complete details or tools to malicious attackers, such as black hats and script kiddies, allows them to take advantage of vulnerabilities more quickly and makes attacks more widespread. However, this argument assumes that without disclosure such tools and attacks would not have occurred. The advantage of disclosure is that white hats will obtain the information, and that the vulnerability will be detected and patched more quickly.

n3td3v was banned from the Full Disclosure mailing list on January 21, 2009. n3td3v is thought to have been banned in response to his widespread criticism of what he saw as irresponsible disclosure practices carried out by some security researchers, such as HD Moore. Some saw the banning of n3td3v as an attack on freedom of speech, as expressed in an email post to the list on August 31, 2009, while others accuse him of being an internet troll.

In August 2010, HD Moore found about 40 vulnerabilities related to DLL load hijacking in Windows applications, which Rapid7 was going to publish under its vulnerability disclosure policy. Acros, a Slovenian security firm, found one related vulnerability for iTunes and decided to publish without alerting the vendor, saying "it hasn’t paid out well" in the past and "we’ve found better markets for this kind of information".
